Tinc is open source software for creating VPNs, virtual private networks over other physical channel such as the Internet, where individual participating hosts (nodes) appear to applications as if connected by wire in LAN.

Tinc utilizes asymmetric cryptography. Each node has its own private key, a public key and another public key; one for each participating node. These files are, together with a few configuration files, stored in /etc/tinc/<VPN name> directory.

* Fine-tune configuration in /etc/tinc/<VPN name>/tinc.conf. Skip ConnectTo if deamon should passively wait for connections. Interface is name of virtual network card, see more below. Optionally set listening port, especially if you intend to run multiple daemons/VPNs.

* Fine-tune public key file in /etc/tinc/<VPN name>/hosts/<this node>. Public IP may be also a hostname/domain, which is convenient in case you e.g. change ISP, but keep DNS name. Port should be same as in tinc.conf, but may differ if e.g. you are behind NAT with port forwarding from one port number to different port number. Let other nodes have this file and place their public key files here.

Preferably uninstall any possible existing TUN/TAP devices (virtual NICs). Tapinstall utility is part of Tinc package, should be in its install dir somewhere.

C:\path\to\tapinstall.exe remove tap0901

Instalar nuevos dispositivos TUN/TAP device.

C:\path\to\tapinstall.exe install OemWin2k.inf tap0901

Device drivers actually seem to come from OpenVPN project. Which is good, because they are signed; Windows are quite hostile towards unsigned drivers lately.

Configuración

There are a few differences in Windows configuration.

You still generate initial configuration files, but place them in into where Tinc is installed, which should be something like C:\Program Files\tinc\<VPN name>

In tinc.conf, omit Interface directive, because Tinc daemon will then automatically select TUN/TAP device and directive may do more harm than good. Especially if Tinc service starts and fails immediately, check that Interface is not set.

Tinc-up script is not used on Windows. You created persistent TUN/TAP device during installation (did you?) and now only manually configure IP (run ncpa.cpl, see properties of device and so on). This can be also scripted with command such as: